LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

LWN Weekly Edition

Front page
Security
Kernel development
Distributions
Development
Announcements
->One big page

 

This page

Previous week
Following week

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Security

Fedora reexamines "trusted boot"

By Jake Edge
June 29, 2011

When we looked in on Fedora's decision on enabling "trusted boot" a little over a year ago, the consensus seemed to be that adding a feature that depended on a closed-source binary firmware blob ran counter to the distribution's goals. Since then, that blob is in the process of being added into the BIOS of various systems—though it remains closed—and the "tboot" (trusted boot hypervisor) package has been added to Fedora. Those changes might make it more attractive for Fedora to provide a way for users to enable it at install time. But there is still resistance to adding the feature, and it didn't make the cut for Fedora 16. It seems likely to come up again for Fedora 17 or beyond, so it may well make its way into the distribution sooner or later.

Trusted boot is a way to use the Trusted Platform Module (TPM) hardware that comes in many systems to only boot signed binaries. The fear is that it will enable hardware vendors to lock down their systems—by requiring binaries signed by their keys in order to boot—but it could also be used to protect against various kinds of malware. As with any hardware-based integrity scheme, it all depends on who holds the keys.

Matthew Garrett opened the discussion on fedora-devel, pointing to a proposed feature on the Fedora wiki. That wiki page is fairly thin on details, which is one of the things that sunk the proposal this time, but it essentially proposes changing the anaconda installer to allow users to choose trusted boot and to provide a way to change the GRUB configuration to support it.

One of the first questions was about the benefit of the feature to Fedora. Camilo Mesias asked about the use cases for trusted boot. Daniel Walsh listed a number of possibilities:

The idea is to allow certain tools/machines to make judgments on how "trusted" a machine is. For example you could set up a VPN server that says I will only allow a machine that passes the "Trusted" test to join my network. Another potential example would be to not allow a guest machine to run on your host if its OS is not "Trusted" Or to have a guest OS check to see if the Host Server is Trusted or stop running.

Several of those use cases rely on the "remote attestation" feature of trusted boot, which means that a suitably configured system that has the "proper" keys stored in the TPM can provide a signed cryptographic hash corresponding to the kernel in use. There was some confusion in the thread about what remote attestation means, but, beyond that, there are concerns that it could be used to thwart users installing their own kernel, even on free software OSes. As Gregory Maxwell put it:

If trusted boot in fedora is widely deployed, then $random_things may demand I use a particular fedora kernel in order to access them. Both [handicapping] my personal freedom to tinker with my own computer by imposing new costs on it, and hampering the Fedora project by creating additional friction against upgrades. ("Sorry, I can't upgrade to the new kernel to test that, because then I won't be able to watch netflicks!")

A bigger problem might be that services start requiring some proprietary OS, rather than a particular Fedora kernel. That would, of course, suit the proprietary OS vendors just fine. But that could happen regardless of what Fedora does. If requiring a Fedora kernel is important, services can require that only approved kernels be used and require that users enable and configure trusted boot in order to access them. The more likely outcome under that scenario would leave Fedora (and other Linux distributions) out in the cold, of course.

While the closed-source nature of the SINIT blob (aka SINIT AC), which is the code that does the low-level integrity checking, worries some, Intel is evidently adamant that the code remains closed. From a practical standpoint, having the code wouldn't do much for users, as Miloslav Trmač points out:

The purpose of the blob is to "measure" the system state; only the blob (and hardware reset) is allowed to restart the "measuring" process in the TPM. For this to work securely, the blob must be signed by someone that the TPM itself trusts - otherwise an attacker could replace the blob by something that lies about the system state.

So, from a standpoint of hacking, it doesn't matter - users won't have the practical freedom to modify the blob anyway because they can't sign it.

From a standpoint of learning/sharing/review - I agree having the source code would be very useful.

As was noted in the thread, we are already largely at the mercy of the hardware and BIOS vendors with respect to the code that runs on our systems. The relatively recent System Management Mode (SMM) additions to the BIOS are just one example. As Adam Williamson put it:

Well, the fact that BIOSes aren't open source means that anyway. As far as we the users are concerned, the BIOS is black box code which runs with the ultimate in administrative privileges. It could be doing _anything_ back there. SMM is a fairly standardized example of this, sure, but there's no way we can really be sure our BIOS isn't doing a zillion other 'bad things'.

But, the presence of Intel signing keys stored in the TPM, which is required to verify the SINIT blob, may lead to some worrisome restrictions. Björn Persson points out that there are alternative, free software BIOS implementations (e.g. Coreboot), but that it may be impossible to replace SINIT:

I have never dared to try Coreboot myself, for fear of destroying my motherboard, but in principle it's possible to replace the BIOS in most current computers with a free implementation. It's looking like the TPM makes it impossible to replace Sinit with a free clone.

Aside from the technical issues, and concerns, the actual feature request on the wiki didn't provide a whole lot of information about how the feature would be used, and how it would be integrated into the Fedora install and boot processes. What facilities would be present for remote attestation, how they could be disabled by users, and what happens when a user tries to boot an "untrusted" kernel are all left up in the air in the feature proposal. It also didn't provide much in the way of justification for why trusted boot would be useful to Fedora users. It is clear to some that it could be useful, if users could create and install their own keys, but the wiki page didn't really make that clear. That led to several requests for more information to be added to the feature request.

The Fedora Engineering Steering Committee (FESCo) took up the request at its June 27 meeting. The discussion in the IRC log of the meeting paralleled that of the mailing list to some extent. The FESCo members seemed a bit puzzled by what exactly was being proposed—and why it would be useful. As Kevin Fenzi (aka nirik) said: "I think there's cool things we could use this for, but 'enable it now so we can do ~wave hands~ later' seems non ideal. Why not set it up to do something our users care about and _then_ enable it."

There was also some discussion of which pieces of Fedora needed changing (anaconda and grubby being two obvious places that might require modification). But the overall sense was that there just wasn't enough meat in the proposal to add it as a Fedora feature. Fenzi is optimistic that it could be done right for Fedora users, but it needs to be fleshed out more:

Setup ways to check the fedora provided kernels. Offer users a way to not boot on problems. Offer users a way to let them attest or decline to attest that it was a valid boot. Allow users to load their policy or change it. etc, the control should be in the users hands, and if this is a feature we should be providing the users those tools.

So FESCo decided to decline the feature for Fedora 16, but agreed that interested parties should continue working on it for possible inclusion down the road. Any work that is done in anaconda, grubby, or elsewhere will have to be negotiated between the trusted boot proponents and the other projects, as there is no FESCo mandate for the feature. It would not be surprising to see this feature come up again in six months or a year.

The TPM and "trusted computing" (aka "treacherous computing") evoke strong reactions. While it is clear that they can be used in ways that essentially lock users out of their own hardware, they could also be used in ways that allow users to ensure the integrity of the code running on those same systems. Like many technologies, trusted boot can be used for good or ill.

If Fedora can provide ways for its users to take advantage of this technology, without being taken advantage of, it will definitely be something that some security-conscious users will benefit from. Intel's secrecy with regard to the SINIT blob is somewhat troubling, but doesn't change the closed-source BIOS problem all that much really. A bigger problem for Fedora down the road may be trying to support users who enable the feature but run into problems getting their Fedora (or custom-built) kernels to boot. But, that's a problem for another day.

Comments (33 posted)

Brief items

Security quotes of the week

So in my head there's a little Walter Sobchak beating on my conscience and shouting "This is what you get when you trust Facebook with your data, Will".

The reason is that I upload photos to Facebook using KDE's shared uploader and this has fallen victim to the whims of FB's purge of its app biosphere. Unless the original developer can convince them that the app is not spammy, offering a bad experience or having the wrong attitude, the app, my photos (all archived elsewhere of course), but most importantly, all the kind comments from my friends and contacts that represent FB's only value, get sent to the farm.

-- Will Stephenson

There's a Dirty Harry sort of network going after the perps at this point. But like the vigilante cops in the movie of the same name, the urban legend value of what LulzSec is doing is difficult to ignore. Law enforcement officials are sure to catch up with "the gang" soon. Or so it is thought. If I were them, and I'm not, I would have already piled up mounds of misleading pointers to random people to distract investigations from finding who I was. I'm guessing a lot of innocents get caught in the dragnet. More lulz for twisted minds. I smell a Hollywood screenplay in the making.
-- Tom Henderson

LulzSec wasn't an isolated or unique phenomenon. People with passionate beliefs have been using new technological tools to effect change out of a sense of powerlessness. In the last year, I've watched 38 Degrees using the strength of association online to change government policy, WikiLeaks force transparency on those who'd rather run from it, even the amorphous mass that is Anonymous taking a stand on whatever issue they feel deserves their attention.
-- Loz Kaye

Comments (5 posted)

New vulnerabilities

asterisk: denial of service

Package(s):asterisk CVE #(s):CVE-2011-2216
Created:June 27, 2011 Updated:July 13, 2011
Description: From the Red Hat bugzilla:

A denial of service flaw was found in the way Asterisk processed malformed Contact headers in SIP calls. A remote attacker could use this flaw to cause asterisk server crash via specially-crafted Contact header sent in a reply upon initialization of a SIP call.

Alerts:
Fedora FEDORA-2011-8983 2011-07-02
Fedora FEDORA-2011-8319 2011-06-14

Comments (none posted)

curl: exposed client credentials

Package(s):curl CVE #(s):CVE-2011-2192
Created:June 24, 2011 Updated:March 6, 2012
Description: From the Ubuntu advisory:

Richard Silverman discovered that when doing GSSAPI authentication, libcurl unconditionally performs credential delegation, handing the server a copy of the client's security credential.

Alerts:
CentOS CESA-2011:0918 2011-08-14
Mandriva MDVSA-2011:116 2011-07-22
CentOS CESA-2011:0918 2011-07-06
Scientific Linux SL-curl-20110705 2011-07-05
Red Hat RHSA-2011:0918-01 2011-07-05
Fedora FEDORA-2011-8640 2011-06-24
Debian DSA-2271-1 2011-07-02
Fedora FEDORA-2011-8586 2011-06-24
Ubuntu USN-1158-1 2011-06-24
openSUSE openSUSE-SU-2012:0199-1 2012-02-09
Gentoo 201203-02 2012-03-05

Comments (none posted)

gdk-pixbuf2: excessive memory use

Package(s):gdk-pixbuf2 CVE #(s):CVE-2011-2485
Created:June 27, 2011 Updated:March 15, 2013
Description: From the Fedora advisory:

It was found that gdk-pixbuf GIF image loader gdk_pixbuf__gif_image_load() routine did not properly handle certain return values from their subroutines. A remote attacker could provide a specially-crafted GIF image, which once opened in an application, linked against gdk-pixbuf would lead to gdk-pixbuf to return partially initialized pixbuf structure, possibly having huge width and height, leading to that particular application termination due excessive memory use.

Alerts:
Mandriva MDVSA-2011:132 2011-09-06
Fedora FEDORA-2011-8667 2011-06-24
Fedora FEDORA-2011-8917 2011-07-01
Fedora FEDORA-2011-8966 2011-07-01
Slackware SSA:2011-178-01 2011-06-28
Fedora FEDORA-2011-8672 2011-06-24
Gentoo 201206-11 2012-06-21
Gentoo 201206-20 2012-06-23
Oracle ELSA-2013-0646 2013-03-14

Comments (none posted)

git-web: cross-site scripting

Package(s):git-web CVE #(s):CVE-2011-2186
Created:June 28, 2011 Updated:June 29, 2011
Description: From the openSUSE advisory:

Users with commit access to repos served by git-web could cause cross site scripting (XSS) issues with XML files

Alerts:
openSUSE openSUSE-SU-2011:0705-1 2011-06-28

Comments (none posted)

kernel: privilege escalation

Package(s):kernel CVE #(s):CVE-2011-1169
Created:June 28, 2011 Updated:August 9, 2011
Description: From the Ubuntu advisory:

Dan Rosenberg discovered that some ALSA drivers did not correctly check the adapter index during ioctl calls. If this driver was loaded, a local attacker could make a specially crafted ioctl call to gain root privileges.

Alerts:
Ubuntu USN-1202-1 2011-09-13
Ubuntu USN-1187-1 2011-08-09
Ubuntu USN-1167-1 2011-07-13
Ubuntu USN-1160-1 2011-06-28

Comments (none posted)

libgnomesu: privilege escalation

Package(s):libgnomesu CVE #(s):CVE-2011-1946
Created:June 27, 2011 Updated:June 29, 2011
Description: From the openSUSE advisory:

The libgnomesu pam backend did not check the return value of the setuid() functions. Local users could exploit that to gain root privileges

Alerts:
openSUSE openSUSE-SU-2011:0694-1 2011-06-27

Comments (none posted)

libgssglue: privilege escalation

Package(s):libgssglue CVE #(s):CVE-2011-2709
Created:June 27, 2011 Updated:April 8, 2013
Description: From the SUSE advisory:

This update fixes insecure getenv() usage in libgssglue, which could be used under some circumstances by local attackers to gain root privileges.

Alerts:
SUSE SUSE-SU-2011:0696-1 2011-06-27
Fedora FEDORA-2012-8067 2012-06-10
Fedora FEDORA-2012-7971 2012-06-15
Mageia MGASA-2012-0159 2012-07-10
Gentoo 201209-22 2012-09-27
Ubuntu USN-1612-1 2012-10-15
Mandriva MDVSA-2013:043 2013-04-05

Comments (none posted)

Page editor: Jake Edge
Next page: Kernel development>>

Copyright © 2011, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds